Skip to main content

Dokan Pro CVE-2026-12079

| EUVDEUVD-2026-39165 MEDIUM
SQL Injection (CWE-89)
2026-06-25 Wordfence GHSA-r6wq-h383-2vw2
6.5
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-reachable endpoint, low complexity, Subscriber-level auth required (PR:L); purely a read/exfiltration flaw with no integrity or availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 25, 2026 - 04:31 vuln.today
CVE Published
Jun 25, 2026 - 03:42 nvd
MEDIUM 6.5

DescriptionCVE.org

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

AnalysisAI

Time-based blind SQL injection in the Dokan Pro WordPress plugin allows network-accessible authenticated attackers with Subscriber-level privileges to extract sensitive data from the underlying WordPress database. The flaw resides in the 'orderby' parameter, which is insufficiently escaped and passed into unparameterized SQL queries across all plugin versions through 5.0.4. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register or obtain Subscriber account
Delivery
Authenticate to WordPress site
Exploit
Send crafted HTTP request with malicious 'orderby' payload
Execution
Trigger time-based SQL execution delay
Persist
Measure response timing to infer database bit values
Impact
Iteratively extract sensitive database contents

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a valid WordPress account at Subscriber level or above on the target site - this is the lowest non-anonymous role in WordPress and is commonly auto-granted upon public registration on marketplace sites. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) accurately reflects a medium-severity but high-confidentiality-impact issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a free Subscriber account on a Dokan Pro-powered WooCommerce marketplace site, then sends crafted HTTP requests to the vulnerable endpoint with a malicious 'orderby' parameter containing time-based SQL payloads (e.g., appending ORDER BY SLEEP(5) constructs). By measuring response latency, the attacker iteratively extracts database contents - including WordPress user table credentials, customer PII, and WooCommerce order data - without triggering visible errors. …
Remediation The primary remediation is to update the Dokan Pro plugin to a version beyond 5.0.4; however, no exact patched release version was confirmed in the provided input data - administrators should consult the Wordfence advisory (https://www.wordfence.com/threat-intel/vulnerabilities/id/5bf95020-ac4f-4fb2-8fb4-a9998005991c?source=cve) and the official Dokan changelog at https://dokan.co/ to identify the current fixed release and apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy